Closed
      
        Bug 1390731
      
      
        Opened 8 years ago
          Closed 8 years ago
      
        
    
  
Crash in [@ mozilla::layers::WebRenderBridgeParent::GetRootCompositorBridgeParent ]       
    Categories
(Core :: Graphics: WebRender, defect)
Tracking
()
        RESOLVED
        FIXED
        
    
  
        
            mozilla57
        
    
  
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected | 
| firefox55 | --- | unaffected | 
| firefox56 | --- | disabled | 
| firefox57 | --- | fixed | 
People
(Reporter: jan, Assigned: sotaro)
References
(Blocks 1 open bug)
Details
(Keywords: crash, nightly-community)
Crash Data
Attachments
(1 file, 2 obsolete files)
| 930 bytes,
          patch         | kats
:
              
              review+ | Details | Diff | Splinter Review | 
Nightly 57 x64 20170815100349 @ Windows 10 with webrender+webrendest enabled
bp-16a6a97c-5d92-42a7-a17e-1afbc0170816
I closed some of the many bugzilla tabs and suddently my whole Nightly window became red. I pressed Ctrl+T to open a new tab then which seemed to fix it, but I don't know.
| Reporter | ||
| Updated•8 years ago
           | 
Keywords: nightly-community
| Assignee | ||
| Comment 1•8 years ago
           | ||
It seems that when WebRenderBridgeParent::GetRootCompositorBridgeParent() was called, LayerTreeId was already removed at CompositorBridgeParent.
| Assignee | ||
| Comment 2•8 years ago
           | ||
LayerTreeId is removed like the following sequence when GPU process exists. The route is different than a route of calling WebRenderBridgeParent::Destroy().
RenderFrameParent::ActorDestroy(ActorDestroyReason why)
->GPUProcessManager::UnmapLayerTreeId()
->mGPUChild->SendRemoveLayerTreeIdMapping();
->GPUParent::RecvRemoveLayerTreeIdMapping()
->CompositorBridgeParent::DeallocateLayerTreeId();
->CompositorLoop()->PostTask(NewRunnableFunction(&EraseLayerState, aId));
->EraseLayerState(uint64_t aId)
Therefore there could be a case that WebRenderBridgeParent still is not called WebRenderBridgeParent::Destroy() after LayerTreeId removal.
| Assignee | ||
| Comment 3•8 years ago
           | ||
There seems two way to address the problem.
[1] call WebRenderBridgeParent::Destroy() in EraseLayerState(uint64_t aId).
[2] Modify WebRenderBridgeParent::GetRootCompositorBridgeParent() as to handle CompositorBridgeParent::GetIndirectShadowTree() == nullptr.
| Assignee | ||
| Comment 4•8 years ago
           | ||
[2] seems simpler to address the problem.
| Assignee | ||
| Comment 5•8 years ago
           | ||
I changed my mind [1] seems more consistent for WebRenderBridgeParent and better.
| Assignee | ||
| Updated•8 years ago
           | 
Assignee: nobody → sotaro.ikeda.g
| Assignee | ||
| Comment 6•8 years ago
           | ||
| Reporter | ||
| Updated•8 years ago
           | 
| Assignee | ||
| Comment 7•8 years ago
           | ||
| Assignee | ||
| Updated•8 years ago
           | 
        Attachment #8898182 -
        Flags: review?(bugmail)
| Comment 8•8 years ago
           | ||
Hmm I kind of prefer solution [2]. WebRenderBridgeParent::GetRootCompositorBridgeParent already returns nullptr in some cases and all the call sites of that function gracefully handle the null return. So I think in the case that EraseLayerState is called early, GetRootCompositorBridgeParent should detect that instead of asserting there is a layer state, and return nullptr.
My reasoning for this is that WebRenderBridgeParent is kind of equivalent to LayerTransactionParent, and LayerTransactionParent doesn't do any special handling inside EraseLayerState so we shouldn't need to do it for WebRenderBridgeParent either. If we introduce code path differences like this then we might introduce new bugs, but if we stick to what we know works with LayerTransactionParent in Gecko then we should end up with similar behaviour.
What do you think?
| Assignee | ||
| Updated•8 years ago
           | 
        Attachment #8898182 -
        Flags: review?(bugmail)
| Assignee | ||
| Comment 9•8 years ago
           | ||
Thansk. It is reasonable :)
| Assignee | ||
| Updated•8 years ago
           | 
        Attachment #8898182 -
        Attachment is obsolete: true
| Assignee | ||
| Comment 10•8 years ago
           | ||
| Assignee | ||
| Comment 11•8 years ago
           | ||
        Attachment #8899654 -
        Attachment is obsolete: true
| Assignee | ||
| Updated•8 years ago
           | 
        Attachment #8899655 -
        Flags: review?(bugmail)
| Assignee | ||
| Comment 12•8 years ago
           | ||
| Comment 13•8 years ago
           | ||
Comment on attachment 8899655 [details] [diff] [review]
patch - Add pointer check to GetRootCompositorBridgeParent()
Review of attachment 8899655 [details] [diff] [review]:
-----------------------------------------------------------------
Great, thanks!
        Attachment #8899655 -
        Flags: review?(bugmail) → review+
| Comment 14•8 years ago
           | ||
Pushed by sikeda@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/408eeeae3d6c
Add pointer check to GetRootCompositorBridgeParent() r=kats
|   | ||
| Comment 15•8 years ago
           | ||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
| Updated•8 years ago
           | 
          status-firefox55:
          --- → unaffected
          status-firefox56:
          --- → disabled
          status-firefox-esr52:
          --- → unaffected
          You need to log in
          before you can comment on or make changes to this bug.
        
Description
•